-
Notifications
You must be signed in to change notification settings - Fork 81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tuf-on-ci migration preparation #1247
Labels
enhancement
New feature or request
Comments
This was referenced May 31, 2024
Merged
jku
added a commit
to jku/community
that referenced
this issue
Jun 6, 2024
As part of sigstore/root-signing#1247 root-signing requires some project setting changes: * Allow and encourage merge commits: signing event branches are collaboration branches where individual commits have different authors and actual meaning. * Do not require linear history: signing events make sense as slightly longer lived branches: preserving this history make sense * Remove two required checks that are replaced by tuf-on-ci checks (which can be made required in a later commit) * Add branch protection for "publish" * Modify branch protection for "main": * Remove sigstore-keyholders from pushRestrictions list: this looks like a mistake, keyholders should not have permissions for main * Add sigstore-bot as a PR bypasser (this is how online signing happens) Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
This was referenced Jun 6, 2024
jku#1 contains the workflow enabling/disabling commits that we should include in the initial signing event branch (to disable legacy workflows and enable tuf-on-ci ones) |
bobcallaway
pushed a commit
to sigstore/community
that referenced
this issue
Jun 20, 2024
* root-signing: Prepare for tuf-on-ci migration As part of sigstore/root-signing#1247 root-signing requires some project setting changes: * Allow and encourage merge commits: signing event branches are collaboration branches where individual commits have different authors and actual meaning. * Do not require linear history: signing events make sense as slightly longer lived branches: preserving this history make sense * Remove two required checks that are replaced by tuf-on-ci checks (which can be made required in a later commit) * Add branch protection for "publish" * Modify branch protection for "main": * Remove sigstore-keyholders from pushRestrictions list: this looks like a mistake, keyholders should not have permissions for main * Add sigstore-bot as a PR bypasser (this is how online signing happens) Signed-off-by: Jussi Kukkonen <jkukkonen@google.com> * root-signing: Also remove dismissal permissions from keyholders It looks like the team may not even be needed in the end so make sense to remove this fairly inconsequential permission as well. Signed-off-by: Jussi Kukkonen <jkukkonen@google.com> --------- Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
This comment was marked as duplicate.
This comment was marked as duplicate.
FYI @haydentherapper |
marking this closed: the actual migration is in #1320 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In preparation for #929, we should do all preparing steps that are not limited by the online signing schedule and that will not affect the current day-to-day operation of this repository.
Checklist of things to do before the signing event
targets/
so its content match the expected repository artifactsThe text was updated successfully, but these errors were encountered: